From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b) Gecko/20030814 Description of problem: up2date fails with ssl error. Coincidence that RHNS-CA-CERT has the following in the first cert entry? Validity Not Before: Aug 23 22:45:55 2000 GMT Not After : Aug 28 22:45:55 2003 GMT Same cert found in Taroon with all updates as well as up2date package from RedHat 9. Version-Release number of selected component (if applicable): up2date-3.0.7.1-2 How reproducible: Always Steps to Reproduce: 1. run up2date 2. 3. Actual Results: There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] Additional info:
I am running RH Linux 9 and just started getting same error from the RNH applet which goes into (?). Went all over the instructions on the RHN login web page regarding SSL certificates and condition still remains. Running up2date-3.1.23.1-5.
*** Bug 103347 has been marked as a duplicate of this bug. ***
*** Bug 103343 has been marked as a duplicate of this bug. ***
*** Bug 103339 has been marked as a duplicate of this bug. ***
*** Bug 103340 has been marked as a duplicate of this bug. ***
I've the same problem. Description of problem: When i run: up2date -u i see the following output: There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] If i execute: openssl s_client -connect xmlrpc.rhn.redhat.com:443 -CAfile /usr/share/rhn/RHNS- CA-CERT The last line give: Verify return code: 10 (Certificate has expired) My system date is good but in /usr/share/rhn/RHNS-CA-CERT i see the expire date as follow: Validity Not Before: Aug 23 22:45:55 2000 GMT Not After : Aug 28 22:45:55 2003 GMT I think that all systems has this certificate date. What's going on?
I have a temporary solution for this. I ran up2date --configure and changed the https URL to a http one and up2date is running fine after that.
*** Bug 103357 has been marked as a duplicate of this bug. ***
I followed the advise of Comment #7, ran up2date, and found a new version of up2date and up2date-gnome (3.1.23.2-1), perfomed the update, restarted my applet, and life is good. I changed back to https from the temp solution before restarting the applet.
See http://rhn.redhat.com/ for details of this issue and how to fix it. Or see our advisories directly at https://rhn.redhat.com/errata/RHSA-2003-267.html and https://rhn.redhat.com/errata/RHSA-2003-268.html
Mark J. Cox, your advisories do not address this issue, even after installing the updated RPM's I still receive this error. Something else is wrong. I even manually updated the SSL certificate. The difference I suppose is this is a system that I'm registering for the first time, it was not yet registered *before* I updated 'up2date'.
I should note that the problem was on a newly setup RedHat 8.0 box
I too have this problem. I downloaded the new up2date packages (3.0.7.2-1) from the security/bugfixes page whose URL was sent out in the "URGENT:[...]" email. After performing an rpm -Fvh, up2date continued to be b0rken with the same error. I tried downloading the RHNS-CA-CERT file and performing install -b RHNS-CA-CERT /usr/share/rhn as indicated, but that didn't fix the problem either.
Hi, I was able to update the up2date & up2date-gnome for Red Hat v9.0. However, I am also running Red Hat Linux (Severn) 9.0.93 - Beta. Is there a similar update for both packages available for the Severn Beta edition of Red Hat? Thanks, Curtis
Check the file /etc/sysconfig/rhn/up2date. There should be two lines that look like this sslCACert[comment]=The CA cert used to verify the ssl server sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT In machines where up2date is broken, the second of these two lines is missing. Add that line and you fix the problem.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Red Hat apologizes that these issues have not been resolved yet. We do want to make sure that no important bugs slip through the cracks. Please check if this issue is still present in a current Fedora Core release. If so, please change the product and version to match, and check the box indicating that the requested information has been provided. Note that any bug still open against Red Hat Linux on will be closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Closing as CANTFIX.